In an improper authorization vulnerability, an authenticated user could read arbitrary files through the web interface at Port 10000/TCP and access sensitive information.

CVE-2017-2686 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

In the cross-site scripting hole, the integrated web server at Port 10000/TCP is prone to reflected cross-site scripting attacks if an unsuspecting user clicks on a malicious link.

CVE-2017-2687 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

In the cross-site request forgery issue, the integrated web server at Port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and clicks on a malicious link or visits a malicious web site.

CVE-2017-2688 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

In a second improper authorization vulnerability, an authenticated user could bypass access restrictions in the web interface at Port 10000/TCP to obtain privileged file system access or change configuration settings.

CVE-2017-2689 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

In another cross-site scripting issue, the integrated web server at Port 10000/TCP could allow an authenticated user to perform stored cross-site scripting attacks.

CVE-2017-6864 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 6.4.
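The five issues above fall into three classes that a web interface has to defend against separately: authorization (and path confinement) on file reads and configuration changes, output encoding of user-supplied input whether reflected or stored, and a per-session token on state-changing requests so that a forged cross-site request fails even when the victim has an active session. The following Python is an added, constructed reference for those three controls; it is not ROX I code, and the role names, session object and settings store are assumptions of this example rather than anything the advisory describes.

```python
"""Constructed defensive reference for the vulnerability classes described
in the advisory above: authorization and path confinement on file reads,
output encoding for reflected and stored input, and a per-session CSRF
token on state-changing requests. Not ROX I code: roles, session handling
and the settings store are all assumptions of this example."""
import hmac
import html
import secrets
from dataclasses import dataclass, field
from pathlib import Path

# Assumed role names; the product's real account model is not on the page.
ROLE_GUEST, ROLE_OPERATOR, ROLE_ADMIN = "guest", "operator", "admin"


class AuthorizationError(Exception):
    """Caller is authenticated but not permitted to perform this action."""


class CsrfError(Exception):
    """State-changing request arrived without the session's own token."""


@dataclass
class Session:
    user: str
    role: str
    # Fresh random token per login; embedded in forms and checked on each POST.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def read_export_file(session: Session, requested: str, export_root: Path) -> bytes:
    """Serve a file only to administrators and only from inside export_root.

    Resolving both paths and comparing the real locations rejects '..'
    segments, absolute paths and symlinks that point outside the directory.
    """
    if session.role != ROLE_ADMIN:
        raise AuthorizationError(f"role {session.role!r} may not read files")
    root = export_root.resolve()
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise AuthorizationError("requested path is outside the export directory")
    return target.read_bytes()


def render_search_page(query: str) -> str:
    """Reflect a query parameter only after HTML-escaping it."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


class DeviceNames:
    """Stored user input: keep it raw, escape it at render time, every time."""

    def __init__(self) -> None:
        self._names = []

    def add(self, session: Session, name: str) -> None:
        if session.role not in (ROLE_OPERATOR, ROLE_ADMIN):
            raise AuthorizationError("guests may not store device names")
        self._names.append(name)

    def render(self) -> str:
        items = "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in self._names)
        return f"<ul>{items}</ul>"


def apply_settings(session: Session, form: dict, settings: dict) -> dict:
    """Apply a POSTed settings change after CSRF and authorization checks.

    The token comparison is constant-time and runs before anything else, so
    a cross-site request that lacks the token is rejected regardless of the
    victim's privileges. Returns the new settings without mutating the input.
    """
    submitted = str(form.get("csrf_token", ""))
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        raise CsrfError("missing or mismatched CSRF token")
    if session.role != ROLE_ADMIN:
        raise AuthorizationError(f"role {session.role!r} may not change settings")
    updated = dict(settings)
    updated.update({k: v for k, v in form.items() if k != "csrf_token"})
    return updated
```

The ordering inside `apply_settings` is deliberate: a forged request carries the victim's session cookie but not the token, so the token check must not depend on the caller's role, and the role check must still run for requests that do carry a valid token. Escaping in `DeviceNames.render` rather than in `add` keeps the stored value intact for other consumers while guaranteeing that every HTML rendering is encoded.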

The product is used mainly in the energy, healthcare and transportation sectors, and it is deployed worldwide.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerabilities.

Siemens recommends the following mitigations:
• Use the mitigation tool and follow the application note to disable the web interface and disable guest and operator accounts. The ROX I mitigation tool application is on the Siemens support web site.
• Restrict access to trusted administrators only.
• Apply the cell protection concept.
• Use a VPN to protect network communication between cells.
• Apply Defense-in-Depth.

As a general security measure, Siemens recommends protecting network access to the web interface at Port 10000/TCP of ROX I-based devices with appropriate mechanisms, and configuring the environment according to Siemens’ operational guidelines so that the devices run in a protected IT environment.